Geeks for your information Security Security Vendors Kaspersky Kaspersky Security Blog v
SLAP and FLOP: Complex vulnerabilities in Apple CPUs
SLAP and FLOP: Complex vulnerabilities in Apple CPUs
harlan4096 Offline
MalWare Zoo Team
*******
Posts: 16,121
Threads: 10,248
Thanks Received: 9,332 in 7,478 posts
Thanks Given: 10,292
Joined: 12 September 18
#1
Bug  11 February 25, 09:38
Quote:New research demonstrates for the first time how hardware vulnerabilities in modern CPUs can be exploited in practice.

Researchers from universities in Germany and the U.S. recently showcased an interesting attack — or rather, two attacks — exploiting two different vulnerabilities in Apple CPUs. Picture this: someone sends you a link in a chat. When you click it, nothing looks suspicious at first. It doesn’t ask for your work email password, doesn’t try to get you to download a sketchy file. The page might even contain something fun or useful. But while you’re busy browsing it, hidden code is secretly harvesting data from another browser tab  — checking your location, recent online purchases, and even stealing your emails.

The description of the attack seems simple enough, but in reality, we’re talking about a very complex attack that exploits the features of so-called speculative execution by the CPU.

Wait a minute! Haven’t we heard this before?

You just might have. The core idea of the new attacks resembles various Spectre-type attacks that exploit other, albeit somewhat similar, vulnerabilities in Intel and AMD CPUs. We’ve covered those attacks before. In 2022, four years after the first Spectre vulnerability was discovered, we concluded that there was no realistic, easy, or effective way to exploit those vulnerabilities. Although exploiting these new Apple chip vulnerabilities isn’t straightforward either, the difference this time is that the researchers have already provided fairly realistic attack scenarios and proved their feasibility. To see just how dangerous these vulnerabilities are, let’s briefly recap the basic principles behind all such attacks without getting bogged down in complicated research.

Exploiting speculative execution logic

Speculative execution refers to a situation where the processor executes the next instruction without waiting for the previous one to finish. Let’s draw a somewhat odd yet helpful analogy here with a car. Imagine your car starts the engine automatically every time you approach it. If you’re just passing by, the engine stops (as such, the operation is unnecessary). But if you’re about to set off driving, it’s ready to go as soon as you get in.

Continue Reading...
Find
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:

[-]
Recent Posts
QOwnNotes
26.4.3  When pres...Kool — 05:38
K-Lite Codec Pack 19.6.0 / 19.6.5 Update
Changes in 19.6.5 ...harlan4096 — 07:54
Hardware Monitor 1.63
Hardware Monitor 1...harlan4096 — 07:53
Adobe Acrobat Reader DC 26.001.21367
Adobe Acrobat Read...harlan4096 — 07:50
QOwnNotes
26.4.2  Improved ...Kool — 06:42

[-]
Birthdays
Today's Birthdays
avatar (43)Sanfordbup
avatar (38)Der.Reisende
Upcoming Birthdays
avatar (45)wapedDow
avatar (49)oapedDow
avatar (42)Sanchowogy
avatar (46)MeighGoask
avatar (47)creatralGuelm
avatar (38)procnipsut
avatar (44)accenwibly
avatar (41)ahyvily
avatar (38)urumahiz
avatar (44)techlignub
avatar (43)Stevenmam
avatar (50)onlinbah
avatar (50)fuspeukChark
avatar (44)werriewWaiNg
avatar (38)Freemanleo
avatar (43)cdoubapKit
avatar (38)lystraPonia
avatar (31)smith8395john
avatar (51)steakelask
avatar (45)Termoplenka
avatar (43)bycoPaist
avatar (49)pieloKat
avatar (43)ilyagNeexy
avatar (51)donitascene
avatar (51)burntLaw
avatar (41)MrDoorsskibheeds
avatar (51)Toligo
avatar (46)Rodneykak
avatar (49)tradeSmode
avatar (39)vemedProkbior
avatar (38)RobertUtelt
avatar (46)JamesZic
avatar (36)Kiran78

[-]
Online Staff
There are no staff members currently online.

>